unsender/dfca
unsender
/
dfca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Made repo 

- Tried to make the README.md instructions as user friendly as possible.
  - Covers the PGP aspect which did need explaining.
  - Mentions the need for software hygiene.
- Folder structure in git repo is better than current 'tar' file structure.
  - Git repo structure TO BE ADOPTED for any future version
This commit is contained in:
Unsender 2023-06-06 19:16:40 +09:30
commit 83e28b2536
No known key found for this signature in database
20 changed files with 8563 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
README.md Normal file
View File

@ -0,0 +1,140 @@
<img src="img/dfca_v1-profile_tiny.jpg" width="24"> Digital Feudalism Counter Action (DFCA <img src="identicons/0.2.0.png" width="24" alt="SHA-256 identicon of DFCA 0.2.0"> 0.2.0 beta)
=======================================
We can no longer wait for politicians to enforce antitrust law. Enforce it yourself by blocking the *digital feudalists* and importantly __get a little popup notification__ when a program attempts to contact them (pictured). Also, with a few minor customizations you can see *__which__* program attempted to contact said feudalist. See below image.
<img src="img/dfca_v1-hero_digital-feudalism-counter-action_blocking-google_photography-cristina-gottardi-unsplash.webp" width="700" height="467" alt="Image of DFCA (Digital Feudalism Counter Action) giving a small on-screen notification when an application, in this case Firefox, tried to connect to the digital feudalist, Google, with a message, 'Google out blocked' in bold, and below that, 'Firefox ~ DFCA Antitrust Law'."><br>&nbsp;
While enforcing __DFCA Antitrust Law__, you'll see just how bad our once-vibrant internet has become. While the *digital feudalists* shape our culture, ideology, language, the people we know, and what we value, the situation worsens by the day. It is impossible to predict when the worst possible harm will occur, but with so many highly publicized platforms under the feudalists' surveillance and control, the worst possible harm may *already* be unavoidable.
It is a matter of public record and must also be noted that the *digital feudalists* are military-contracted. Similarly countless independent observers have over the years revealed the feudalists' links to the industrial security complex, whose purpose it is to divide and fragment the general population to secure the privileges of the most wealthy.
The *digital feudalists* are a threat to human civilization as we know, or should we say, 'knew' it.
__This 'DFCA Antitrust Law' setup will__:
- block IP addresses of the following *digital feudalists*:
- Amazon,
- Cloudflare,
- Microsoft,
- Google,
- Musk (eg. SpaceX, Twitter etc),
- Oracle,
- Alibaba,
- Akamai,
- Tencent,
- Apple, and
- Facebook.
It also, importantly, __tells you when it blocks via a popup message__; vital for debugging. The popup identifies:
- the exact feudalist, and
- the application that made the request, depending on 'isolation groups' you make (see instructions in the text file). Currently this is a manual part of the process but the guide makes it easy. Ideas toward [automating this part of the process](#future-development).
<small>__NOTE: You will want to have [Tor Browser](https://torproject.org) installed, as 40-90% of websites will not be accessible without it, depending on what you search for.__ For example, sites related to art, technology, connecting with people, e-commerce, AI, government and cryptocurrency (including legacy banking and finance) are most dominated (or attacked) by *digital feudalists*. Having said that, there are many such sites that load okay using DFCA because 'phoning home' to the feudalist is not necessary to load page contents.</small>
## Easy setup
0. Requires linux. <sub><sup>Why do this on anything other than a free-license, open-source (FOSS) operating system that respects it users?</sup></sub> It may be desirable to have __ClamAV__ installed (sure, a FOSS anti-virus for linux, believe it or not). Because you will not be talking to *digital feudalists* you *__may__* be a more desirable target by actors that have connections with those feudalists. So please consider `clamav`.
1. Ensure __[Tor Browser](https://torproject.org)__ and `torsocks` are installed and working.
2. Get the <a href="dfca/raw/branch/master/dfca_0.2.0.tar"><img src="img/dfca_v1-profile_tiny.jpg" width="17"> __DFCA 0.2.0__ <img src="identicons/0.2.0.png" width="17" alt="SHA-256 identicon of DFCA 0.2.0"> __(beta)__</a> package, plus its <a href="dfca/raw/branch/master/dfca_0.2.0.tar.asc">__PGP signature__</a> and <a href="dfca/raw/branch/master/unsender-pubkey.asc">__Unsender's public key__</a> to verify its authenticity using cryptography. If this is your first install go to '[First install](#first-install-beginner-friendly)' section below. Otherwise, check the update is signed by Unsender, or a key you know. The update should be as easy to read and follow as the original install and/or other updates.
3. __Spend 15 minutes or so to enter the well-documented commands__ (if updating, the process may be automated and take less time). Yes, during setup you'll see well-documented bash-script and maybe learn some GNU/linux computer tricks! Double win!!
You're set! Congratulations on joining the resistance!
<small>__Want notifications without actually blocking?__ <sub>If you are not ready to block the *digital feudalists* but want to see feudalism with your own eyes, then simply don't add any `iptables` commands with the word `REJECT` at the end*. At any time in the future you can go back and add them, *and you won't regret it.* * __WARNING:__ False positives may result, and may lead you to suspect a site will not function without a feudalist, when in fact the popup only appeared when the website attempted to fetch ads or unnecessary javascript, trackers, fonts, images and/or styles. *__A site's content may load while blocking, and possibly load faster and perform better, without scripts that often slow down one's entire computer system!__*</sub></small>
### First install (beginner friendly)
- The command line or 'terminal' is used in these instructions. To open the terminal, try `Ctrl+Alt+T`.
- The __GPG (GNU Privacy Guard)__ software will be used for cryptographic authenticity. A nice resource to learn about `gpg` is the [PGP Compendium](https://files.gpg4win.org/doc/gpg4win-compendium-en.pdf) ([DE](https://files.gpg4win.org/doc/gpg4win-compendium-de.pdf)).
- A more technical "(man)ual" is accessible without the internet from your terminal with:
- `man gpg`
- Navigating 'man' pages is easy with arrow keys, 'PgUp' and 'PgDn'. Quit with 'q'. Search 'man' pages with (/) forward slash, like so:
- `/search for this phrase`
- Check that the 'tar' compressed file was signed by Unsender's key (ie. the fingerprint should match 'A264 08BB 063F E001 8B1A 37CC F663 BE9B E932 748F')
- `gpg --verify-files dfca_0.2.0.tar.asc`
- After opening and extracting the contents of the 'tar' file. Skim over the instructions in the text file to confirm its worth.
- When you deem __DFCA Antitrust Law__ worthy, please take the time to exercise good software hygiene, and not just on this occasion but on all occasions moving forward. Without the feudalists possibly 'holding your hand' (and engaging in repression at the same), and once particular entities learn that you no longer feed them data through their digital 'partners in (cyber)crime', you may need to be extra careful to stay safe. If software is not offered by your linux distribution package managers, getting copies of software from as many quality random sources as possible and comparing them with the `diff` command or by their unique hash (see `shasum`) may be needed. It means ensuring software is signed by reputatable keys. It means `clamav` anti-virus might now be installed. It means researching software; ask yourself are different communities vetting or using it? It means resisting 'bloatware' spanning tens of megabytes for no justifiable reason. It means, if you are not a programmer, having a computer savvy friend look at software and maybe even attempting to build the software from its source code, or just checking source code every so often.
- Import Unsender's cryptographic public key to help verify authenticity of future updates:
- `gpg --import unsender-pubkey.asc`
- If successful, you should see the key in your keyring with:
- `gpg --list-keys`
- You'll get a message saying the key itself is untrusted, so assign a trust level to it. First, select the key for 'editing'...:
- `gpg --edit-key Unsender`
- ...then at the `gpg>` prompt type `trust` and give it a `3` ('marginal' trust). What we are doing here is using an approach to *key management* called 'trust-on-first-use'. The longer a key is used to deliver quality software the easier it *__can__* be to trust it, but because Unsender will remain anonymous, best practice is to read new code changes. Don't trust Unsender. In fact don't trust anyone but yourself and people you give a portion of your destiny to. One mantra of the cypherpunk is, "*Don't trust... verify*".
- Some tasks will be easier and some harder as a result of blocking feudalists. __Search will be better.__ Bookmark search engines like __[Metager](https://metager.org)__&nbsp;([I2P](http://metager.i2p)&nbsp;[B32](http://4zdcetlcp3tdg5h23gd3aeyzbvodepid7a6mb3w4qvxkdnm2by6q.b32.i2p),&nbsp;[Tor](http://metagerv65pwclop2rsfzg4jwowpavpwd6grhhlvdgsswvo6ii4akgyd.onion)), __[Mojeek](https://www.mojeek.com/)__&nbsp;([I2P](http://mojeek.i2p/)&nbsp;[B32](http://zc347qqc4pvo7lf73rhuhthd3i3g2v5zgnsqdoklexx2bcau7rgq.b32.i2p)), __[Startpage](https://startpage.com)__, __[Qwant](https://lite.qwant.com)__ and __[Yandex](https://yandex.com/)__, and search aggregator instances like __[SearXNG](https://searx.space/data/instances.json)__ to name a few. The I2P and Tor networks also have their own search providers like __Ahmia__&nbsp;([I2P](http://i2psearch.i2p)&nbsp;[B32](http://d4jtslmsku66nmq7u3mpyhqb3cw3operuhldvegkectmakmf6jiq.b32.i2p),&nbsp;[Tor](http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/)).
- It must be repeated, __bookmark the above__ search sites. If you think DuckDuckGo is the pièce de résistance, you'll quickly learn its a product served *from Microsoft servers!* 🔥🔥🔥
- Continue to step three (3) of [Easy Setup](#easy-setup).
### Emergency access
For '*desperate access*' to a feudalist's IP address, either:
- use __Tor Browser__, or
- if the site blocks Tor access you might be able to view it via __[The Internet Archive (IA)](https://web.archive.org/)__ (aka The Wayback Machine).
- For quick access to the IA, ensure [`web.archive.org`](https://web.archive.org/) is bookmarked so you only need to...
- type 'web' in the address bar,
- select the bookmarked address from the dropdown menu so it goes into your address bar, and then append the address you must visit. Eg.:
- `web.archive.org/https://must-see.site/life-in-danger-if-I-don't-see-page-on-unethical-site/`
- Done.
- <small>NOTE: The site may ban the IA too. Alternatively, if the IA has never archived the page, you may be prompted to start an archive process that may take a minute or so to complete. Go have your favorite drink and wait. 🫖🧋🥛🍺🍨😋🥃🍸🍹🥤🍵</small>, or
- the last resort is to disable blocking temporarily (see 'Desperate Access' in the text instructions).
Removing yourself from their system and rebuilding is not going to be the most easy experience, but <u>*do*</u> remain steadfast in your resistance to the *digital feudalists* and their enablers who use (and thus feed) them. Just like you can buy books without Amazon, __you *should be able to* do everything you need without the feudalists.__ It may take longer at times but that is the cost of having *ethical standards*. There is a saying, "the struggle reveals the truth." We can only stop the feudalism if we are prepared to be ethical *__at all times__*, not just on Sunday mornings.
## Future development
- __Two-click updates harnessing decentralized method of distribution (eg. torrent, IPFS).__ If not signed by expected key(s) issue warning. Options being; <small>*Download proposed update...*</small> (or <small>*View proposed update...*</small>), <small>*Not now*</small>, <small>*Remind me in a few days*</small>, and if the update has been downloaded <small>*Ignore proposed update*</small>. Use random jitter in all time delays. Starting from DFCA 0.2.0 <img src="identicons/0.2.0.png" width="17" alt="SHA-256 identicon of DFCA 0.2.0"> each update/version should display an __identicon__ (see [Visual Versions](#visual-versioning)) to distinguish between potential updates.
- __Making the 'txt' file a bash script that is still human-readable__... hopefully moreso! And,
- __Automate creation of 'app isolation groups'__ by finding all `.desktop` files on system, asking user which applications they want to isolate (with an 'All Applications' option?), making individual DFCA groups for them (noting limit to groupname length, a mapping system completely distinct from the current setup may need to be developed 😑?) and then produce the custom desktop files to run applications inside said groups (may be tricky to automate wrapping of complex launch scripts but ultimately a good thing to automate). At the same time implement pre and post-install hooks that would seek to re-produce new and custom, updated`.desktop` files, and likely group-mappings(?), asking user with respect to newly installed applications whether they would like to produce an isolation group for it (not asked if 'All applications' option was selected), and also automatically discarding subsequently unused DFCA groups on install <small>(feedback welcomed. Doing the 'isolation' automatically is expected to be difficult, incl. difficult to read code of, which is a priority of this project).</small>.
## Visual Versioning
If we imagine that __DFCA Antitrust Law__ becomes so popular that there are multiple versions or forks vying for your attention. By displaying '__identicon__' alongside each potential update/version/fork it becomes easier to distinguish between them. 'Identicons' would be difficult to spoof because they would be based on the SHA-256 hash of a file. Here are some identicons.
![Image of green checked identicon](identicons/example1.png) ![Brown fan identicon](identicons/example2.png) ![White squares on purple identicon](identicons/example3.png) ![Another yellowish-green identicon](identicons/example4.png) ![Dashed outline](identicons/example5.png) ![Sunburst](identicons/example6.png) ![...and finally a white diamond icon](identicons/example7.png)
In the below script we generate a random but distinct 'identicon' using the version of that is [included with]((http://127.0.0.1:7657/imagegen/)) __i2prouter__. It is the one you see for the latest version, <a href="dfca/raw/branch/master/dfca_0.2.0.tar"><img src="img/dfca_v1-profile_tiny.jpg" width="17">&nbsp;__DFCA&nbsp;0.2.0__&nbsp;<img src="identicons/0.2.0.png" width="17" alt="SHA-256 identicon of DFCA 0.2.0"> __(beta)__</a>. Generating such requires `i2prouter` be running:
```bash
## Store SHA256 of file...
hash256=$(shasum -a 256 'dfca_0.2.0.tar' | cut --delimiter=' ' --field=1) \
## Generate from locally hosted I2P the 'identicon' image, (s)ize 64 pixels, (O)utput as PNG.
wget "http://localhost:7657/imagegen/id?c=${hash256}&s=64" -O "identicons/0.2.0.png"
```
By changing the input file above that is hashed with `shasum`, its possible to create an 'identicon' for *__any__* file!
## List of mirrors (incomplete)
- via [torrent](torrents/DigitalFeudalismCounterAction_0.2.0+(Antitrust+law+by+CYPHERPUNKS).torrent) (torrent file also available from [tracker2.postman.i2p](http://tracker2.postman.i2p/?view=TorrentDetail&id=69969))
- more soon...
## Ending the *digital feudalism* and the importance of remaining vigilant
It is well-known that only a tiny number of people (3%) need participate in a counter action movement for it to snowball into popular effect and have a quality outcome. Therefore, one person enacting something akin to __DFCA Antitrust Law__ will be worth 33 people not doing so! Together, we can make emancipation from *digital feudalism* a reality.
In your journey you will discover many great decentralized technologies and services that you may never have if you didn't block the feudalists. __Share news of them far and wide in both online networks and in the meatspace__. Don't forget to share __DFCA Antitrust Law__ when it helps you, too. After the digital feudalists are gone, we must remain vigilant of coercive powers seeking to infiltrate and dominate. There will always be those who seek extreme power, so stay wise.
__Thanks for your consideration.__
*~ Unsender*
> <img src="img/dfca_v1-profile_digital-feudalism-counter-action_blocking-google_photography-cristina-gottardi-unsplash.webp" width="250" height="250" alt="Image of DFCA Antitrust Law depicting the same as the above image but is square and suitable as an avatar or profile image. It is indeed the profile image of this DFCA repo." >
>
> "Adopt the code you want to see in the world."

BIN
dfca_0.2.0.tar Normal file
View File

Binary file not shown.

16
dfca_0.2.0.tar.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEomQIuwY/4AGLGjfM9mO+m+kydI8FAmRgL2wACgkQ9mO+m+ky
dI8ADg/+PSUw17Jfhc0yClS2QKL5eNlqiUsop2dlA/pbCFfAq9iLdy6ZGM9Skf4P
M88C2+B1kFrvIP13K0vdEcCzipuwoFqc7R6qGkvkCiUhumxjmkr8vvYrf/H4f+Bv
D2P4Wf/6AICLURIAjB4a+A52jspddt6zSm33cd9xvDkpUr8Ma64eOe2/15pE0Spu
D75sYMDh6FDVdMMb6QJCVw9B7FpYtZzqbvJ23lmVQ8VwxfrGuIkRS6hqzU7o9Luk
69I2IFqmdA5NndM5FnsrHwQTDtMuhDzC03wlxRqkBRfC9JRtWDZhoboPrIzJSdAY
qr6LL1PdcdWpHIzI4VfnkTMxLSG/+8vX/qeOjfF3K36g6CSa1ZoNHa5E7d4Aeeoe
itO6Dt9SLwtlk8C1hsDo3e1jIKDSnRdW4U+awvhZu7ZmZZgwxC7577+7T7vjMNSt
M/oyOlsdtFrT4gMceFvxQWxOle5xrretb2OEFlrmjo86qatCy7lPBy4dw5+q/qoi
AH5Oyas78tez7RS46/PulN0lLAzIxzrGGGnovk1k5oqZuZMg5pgfKNL9C/S7+1PX
cn6PdjJai0U7nIXsmplttUciGbvvAcwOiCRVqf7rsv7aY2Nk0PfdO2eoi1R3teOZ
lHIw8bXVI6U0vIAzwcWXPZG6VQRL2w4C/rPuT9A6h6fyK4msyXU=
=PQJz
-----END PGP SIGNATURE-----

7418
digital-feudalism-counter-action/DFCA-README-AND-INSTALL-INSTRUCTIONS.txt Normal file
View File

File diff suppressed because it is too large Load Diff

739
digital-feudalism-counter-action/UPGRADING/FROM_0.1.0/UPDATER.sh Normal file
View File

@ -0,0 +1,739 @@
#!/bin/bash
## UPGRADING FROM dfca_0.1.0
## =========================
##
## Please mark this file as executable with:
# chmod +x UPDATER.sh
##
## ... and then update easily by running:
# . UPDATER.sh
##
## In this upgrade, we fix SPACEX' list of IP address ranges to not
## provide false positive warnings in the 8.0.0.0/9 range, let's
## thank a fediverse user at gnulinux.social for discovering this.
## We also add an icon to easily identify AKAMAI connection
## requests, add ALIBABA and TENCENT as DIGITAL FEUDALISTS (I came
## across ALIBABA's ASN by accident. They happen to serve
## 'tesla.io'), and apply the performance improvement to IPv6.
##
## Updating SPACEX IP ranges is trivial with instructions already
## written for such a predictable occurance. Adding ALIBABA and
## TENCENT is less trivial but still easy by using the following
## commands in your bash terminal. Some commands that start with
## 'sudo' will require (su)per user privileges.
##
## The easy steps to do it all...
##
secureFolder="/usr/bin/law-DFCA/"
## Checks that you are in the correct directory to start.
sleep 1
if [[ "$(shasum -a 256 notify-me-of-firewall-action.sh)" == *29c39494338284e7b3b6ed3339d1ea8012f129280e98d4c8534a8df5adca6d39* ]] ; then
echo "
### Version 0.2.0 found..."
sleep 1
else
echo -n "
### PLEASE RUN THIS SCRIPT FROM INSIDE THE FOLDER:
### dfca_0.2.0/UPGRADING_FROM_0.1.0/"
sleep 2
echo "
###
### Aborting"
return 1
fi
echo "
## 1. Replace old 0.1.0 instructions and add new Akamai icon
## ---------------------------------------------------------"
##
## - While in the folder with the updated txt file, backup the old...
mkdir /home/$USER/.law-DFCA/.OLD_0.1.0
mv /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS.txt /home/$USER/.law-DFCA/.OLD_0.1.0/
## - ...and copy the new
cp ../*0.2.0* /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt
echo "
## - New (muted) AKAMAI icon into secure folder ($secureFolder)..."
sudo bash << EOF
echo '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1">
<path style="fill-opacity:1;fill:#6b7999;" d="M 8.24,2.071 A 4.975,4.979 0 0 0 3.82,7.551 4.975,4.979 0 0 0 9.042,11.984 4.144,4.147 0 0 1 6.221,8.498 4.144,4.147 0 0 1 9.902,3.934 4.144,4.147 0 0 1 13.434,5.3 4.975,4.979 0 0 0 8.24,2.071 Z" />
<path style="fill:none;stroke:#cb7e3f;stroke-width:2.1839;stroke-opacity:1" d="M 3.482,14.369 9.672,6.853 H 10.634 L 10.609,13.562" />
</svg>
' > "$secureFolder/akamai.svg"
EOF
statusCode=$? # the return value of above
if [ $statusCode -ne 0 ]; then
echo "
## Updating does require sudo privileges. Please read the code, or
## check the cryptographic signature of the update to increase
## your personal trust. If version 0.1.0 was installed fully then
## this update should go swimmingly. If however you wish to step
## through each command individually, that is totally fine.
##
## In order to fight the DIGITAL FEUDALISTS it is best to run the
## latest version of DFCA.
##
## Please run this update again when you are ready.
##"
return 1
fi
sleep 1
echo "
## 2. Add ALIBABA and TENCENT as DIGITAL FEUDALISTS
## ------------------------------------------------
## - Copy updated script that generates on-screen notifications, so
## ALIBABA and TENCENT connection attempts are shown with an
## icon (requires restart):"
sudo cp -f notify-me-of-firewall-action.sh "$secureFolder/notify-me-of-firewall-action.sh"
echo "
## - Add folders for the feudalists..."
cd /home/$USER/.law-DFCA/ && mkdir Alibaba Tencent
## - Add the warnings
touch {Alibaba,Tencent}/ENSURE_ONLY_ONE-set-of-IPv4-and-v6-addresses-in-folder-or-iptables-will-get-slow
echo "
## - Add the collapsed IP Address Ranges (CIDR)..."
## First ALIBABA's IPv4 (a space is added so this multi-line
## command does not fill your bash history, if you choose to
## run each command individually.):
echo '5.181.224.0/23
8.128.0.0/10
8.208.0.0/12
14.1.112.0/22
39.96.0.0/13
39.104.0.0/14
39.108.0.0/16
42.96.128.0/17
42.120.0.0/15
42.156.128.0/17
43.0.0.0/9
43.227.188.0/22
43.230.32.0/22
43.242.168.0/22
43.250.12.0/22
45.112.208.0/20
45.113.40.0/22
45.158.183.0/24
45.196.28.0/24
45.199.179.0/24
47.52.0.0/16
47.56.0.0/15
47.74.0.0/15
47.76.0.0/14
47.80.0.0/12
47.99.0.0/16
47.100.0.0/14
47.104.0.0/13
47.112.0.0/12
47.235.0.0/16
47.236.0.0/14
47.240.0.0/14
47.244.0.0/15
47.246.0.0/16
47.250.0.0/15
47.252.0.0/15
47.254.0.0/16
59.82.0.0/16
59.110.0.0/16
60.205.0.0/16
62.128.96.0/22
72.254.0.0/16
89.219.0.0/22
91.192.106.0/23
101.37.0.0/16
101.132.0.0/15
101.200.0.0/15
103.15.96.0/22
103.38.56.0/22
103.41.140.0/22
103.47.4.0/22
103.49.76.0/22
103.52.72.0/21
103.52.80.0/21
103.52.196.0/22
103.81.186.0/23
103.142.8.0/23
103.142.100.0/23
103.145.72.0/24
103.151.206.0/23
103.183.154.0/23
103.206.40.0/22
103.212.44.0/22
103.216.108.0/22
106.11.0.0/16
106.14.0.0/15
110.75.128.0/17
110.76.0.0/18
110.173.192.0/19
112.74.0.0/16
112.124.0.0/14
114.55.0.0/16
114.215.0.0/16
115.28.0.0/15
115.124.16.0/20
116.62.0.0/16
116.251.64.0/18
117.49.0.0/16
118.31.0.0/16
118.178.0.0/16
118.190.0.0/16
119.23.0.0/16
119.38.208.0/20
119.38.224.0/20
119.42.224.0/19
120.24.0.0/14
120.55.0.0/16
120.76.0.0/14
121.0.16.0/20
121.40.0.0/14
121.89.0.0/16
121.196.0.0/14
122.254.76.0/23
123.56.0.0/15
139.5.160.0/22
139.95.0.0/16
139.129.0.0/16
139.196.0.0/16
139.224.0.0/16
140.205.0.0/16
147.139.0.0/16
149.129.0.0/16
154.89.65.0/24
154.89.66.0/23
154.89.68.0/22
154.89.72.0/21
154.89.80.0/20
154.89.96.0/19
154.212.168.0/21
154.212.176.0/20
154.212.192.0/18
154.220.64.0/18
155.102.0.0/16
156.224.138.0/24
156.225.132.0/22
156.225.136.0/21
156.225.144.0/20
156.226.24.0/21
156.226.32.0/19
156.227.20.0/24
156.236.12.0/24
156.236.17.0/24
156.240.76.0/23
156.244.64.0/18
156.245.1.0/24
156.245.32.0/19
156.250.4.0/22
156.250.8.0/21
156.250.16.0/20
157.119.192.0/22
157.119.240.0/22
161.117.0.0/16
163.181.0.0/16
170.33.0.0/16
182.92.0.0/16
185.78.106.0/23
185.218.176.0/22
198.11.128.0/18
198.44.244.0/22
202.61.84.0/22
202.144.199.0/24
203.107.0.0/17
203.119.128.0/17
203.209.224.0/19
205.204.96.0/19
218.244.128.0/19
223.4.0.0/14' > Alibaba/202305_02_ali-CIDRCollapsed.txt
## Then Alibaba's IPv6:
echo '2400:3200::/32
2400:b200::/32
2401:2e00::/32
2401:8680::/32
2401:b180::/32
2403:28c0::/32
2404:2280::/32
2405:e000::/32
2406:1880::/32
2406:2880::/32
2407:bc00::/32
2408:4000::/22
240b:4000::/22
2600:3100::/28
2a0b:da40::/29' > Alibaba/202305_02_ali-IPv6-CIDRCollapsed.txt
## TENCENT
## -------
## Investigations show that this DIGITAL FEUDALIST uses the following
## ASNs (see EXAMPLE INSTRUCTIONS in README to produce a list from ASNs):
##
## AS45090 (over 6 million IPv4)
echo '1.12.0.0/14
1.116.0.0/15
42.187.128.0/17
42.192.0.0/15
42.194.128.0/17
43.136.0.0/13
43.144.0.0/15
43.176.0.0/12
43.242.252.0/22
43.247.196.0/22
45.40.192.0/18
49.232.0.0/14
58.87.64.0/18
62.234.0.0/16
81.68.0.0/14
82.156.0.0/15
94.191.0.0/17
101.33.128.0/17
101.34.0.0/15
101.42.0.0/15
103.38.116.0/22
103.238.16.0/22
106.52.0.0/14
109.244.0.0/16
110.40.128.0/17
110.42.128.0/17
111.30.128.0/21
111.30.136.0/24
111.30.139.0/24
111.30.140.0/23
111.229.0.0/16
111.230.0.0/15
114.117.0.0/16
114.132.0.0/16
115.159.0.0/16
118.24.0.0/15
118.89.0.0/16
118.126.64.0/18
118.195.128.0/17
119.27.160.0/19
119.28.28.0/24
119.29.0.0/16
119.45.0.0/16
119.91.0.0/16
120.53.0.0/16
121.4.0.0/15
121.51.0.0/16
122.51.0.0/16
122.152.192.0/18
123.206.0.0/15
124.220.0.0/14
128.108.0.0/16
129.28.0.0/16
129.204.0.0/16
129.211.0.0/16
132.232.0.0/16
134.175.0.0/16
139.155.0.0/16
139.186.0.0/16
139.199.0.0/16
140.143.0.0/16
146.56.192.0/18
148.70.0.0/16
150.158.0.0/16
152.136.0.0/16
154.8.128.0/17
159.75.0.0/16
162.14.0.0/16
172.81.192.0/18
175.24.0.0/16
175.27.0.0/16
175.178.0.0/16
182.254.0.0/16
188.131.128.0/17
192.144.128.0/17
193.112.0.0/16
203.195.128.0/17
203.205.128.0/17
210.73.160.0/19
211.159.128.0/17
212.64.0.0/17
212.129.128.0/17' > Tencent/202305_02_tenc-CIDRCollapsed.txt
## Tencent's IPv6
echo '2402:4e00::/32' > Tencent/202305_02_tenc-IPv6-CIDRCollapsed.txt
echo "
## Determine whether you previously chose an on-screen
## notification burst of 2 or 3..."
if [[ $(sudo iptables -t nat -L DFCA__LOGGING__MICROSOFT | grep "burst 2") ]]; then \
DFCA_ALERTS__limitBurst=2; \
else \
DFCA_ALERTS__limitBurst=3; \
fi
echo "
## - Determining the insert positions..."
##
## TENCENT and ALIBABA are placed after SPACEX (127.1.66.66) but
## before FACEBOOK (127.1.66.67), so we (I)nsert the check at
## position where FACEBOOK is, thus pushing APPLE down. The `sed'
## part of the command clears everything after and including the
## 'space' character, as explained in the main txt file.
insertPosn__natOutput=$(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g')
insertPosn__output=$( sudo iptables -L OUTPUT -n --line-numbers | grep "127.1.66.67" | sed 's/ .*//g')
echo "
## - Add the feudalists to the (first IPv4) firewall in reverse (insert)
## order..."
## Thus starting with ALIBABA.
sudo iptables -t nat -N DFCA__ALIBABA
sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__ALIBABA
sudo iptables -t nat -N DFCA__LOGGING__ALIBABA
sudo iptables -t nat -F DFCA__ALIBABA # Ensure rule-set is (F)lushed/empty (will be on first run)
sudo iptables -t nat -F DFCA__LOGGING__ALIBABA # ''
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Alibaba/?*ali-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA
sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba outgoing blocked: " --log-level 4
sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to 127.1.66.69
sudo iptables -I OUTPUT $insertPosn__output -d 127.1.66.69 -j REJECT
## TENCENT
sudo iptables -t nat -N DFCA__TENCENT
sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__TENCENT
sudo iptables -t nat -N DFCA__LOGGING__TENCENT
sudo iptables -t nat -F DFCA__TENCENT
sudo iptables -t nat -F DFCA__LOGGING__TENCENT
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Tencent/?*tenc-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT
sudo iptables -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent outgoing blocked: " --log-level 4
sudo iptables -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to 127.16.66.10
sudo iptables -I OUTPUT $insertPosn__output -d 127.16.66.10 -j REJECT
echo -n "
## - Sanity check (ipv4) in case of (accidental) re-run of 'UPDATER.sh'..."
if (( $(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then
echo " RE-RUN DETECTED.
##
## - Removing previous additions to OUTPUT tables... "
## Ie. two FEUDALISTS per rulechain on this occasion.
sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 ))
sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 ))
sudo iptables -D OUTPUT $(( $insertPosn__output - 2 ))
sudo iptables -D OUTPUT $(( $insertPosn__output - 2 ))
else
echo " none detected."
fi
echo "
## - Now IPv6 (same methodology as v4)..."
## Let's make it obvious we're using ip6-(six)-tables
ipt6=ip6tables
## Determine insert positions as above
insertPosn__v6NatOutput=$(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g')
insertPosn__v6Output=$( sudo $ipt6 -L OUTPUT -n --line-numbers | grep "fe80:666:7::" | sed 's/ .*//g')
## - Add to (IPv6) firewall, first ALIBABA...
sudo $ipt6 -t nat -N DFCA__ALIBABA
sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__ALIBABA
sudo $ipt6 -t nat -N DFCA__LOGGING__ALIBABA
sudo $ipt6 -t nat -F DFCA__ALIBABA
sudo $ipt6 -t nat -F DFCA__LOGGING__ALIBABA
grep -E -ho "$(cat IPV6_REGEX.txt)" Alibaba/?*ali-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA
sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba IPv6 out blocked: " --log-level 4
sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to fe80:666:9::
sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:9:: -j REJECT
## - ...then TENCENT.
sudo $ipt6 -t nat -N DFCA__TENCENT
sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__TENCENT
sudo $ipt6 -t nat -N DFCA__LOGGING__TENCENT
sudo $ipt6 -t nat -F DFCA__TENCENT
sudo $ipt6 -t nat -F DFCA__LOGGING__TENCENT
grep -E -ho "$(cat IPV6_REGEX.txt)" Tencent/?*tenc-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT
sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent IPv6 out blocked: " --log-level 4
sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to fe80:666:10::
sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:10:: -j REJECT
echo -n "
## - Sanity check (ipv6) in case of accidental re-run of update..."
if (( $(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then
echo " RE-RUN DETECTED.
##
## - Removing previous additions to OUTPUT tables... "
sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 ))
sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 ))
sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 ))
sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 ))
else
echo " none detected."
fi
echo "
## 3. Update SPACEX
## ----------------"
## - Find the updated list in:
## <Torrent_folder>/UPGRADING_FROM_V0.1.0/202302_02_spacex-CIDRCollapsed.txt
## - Notice that we have not updated the month because we are still
## using February data - just using it properly. Follow the UPDATING
## section in the README to easily update. ````````
## - But if you are feeling lazy...
echo '8.21.14.0/24
8.25.194.0/23
8.25.196.0/23
8.45.124.0/24
8.47.24.0/24
8.244.0.0/14
12.0.0.0/8
31.40.130.0/24
31.130.128.0/19
45.146.40.0/24
45.151.60.0/22
62.67.197.0/24
64.63.0.0/18
65.181.0.0/19
69.195.160.0/24
69.195.162.0/23
69.195.164.0/23
69.195.166.0/24
69.195.168.0/23
69.195.171.0/24
69.195.172.0/24
69.195.174.0/23
69.195.176.0/23
69.195.179.0/24
69.195.180.0/22
69.195.184.0/22
77.50.0.0/16
77.233.192.0/19
77.243.96.0/20
81.17.144.0/20
83.150.204.0/24
91.102.180.0/22
91.204.128.0/22
91.221.43.0/24
94.141.160.0/19
98.97.0.0/18
98.97.64.0/21
98.97.72.0/22
98.97.76.0/23
98.97.80.0/20
98.97.96.0/19
98.97.128.0/18
102.215.56.0/23
102.215.58.0/24
103.152.126.0/23
103.171.118.0/24
103.235.92.0/22
103.252.112.0/22
104.244.40.0/23
104.244.42.0/24
104.244.44.0/22
113.29.1.176/30
113.29.105.136/30
129.222.0.0/16
135.129.0.0/18
135.129.120.0/23
138.84.32.0/19
143.131.0.0/20
145.224.64.0/18
149.19.108.0/23
149.19.164.0/22
149.19.168.0/21
149.106.192.0/19
162.43.192.0/22
168.195.100.0/22
169.155.224.0/19
170.203.64.0/19
170.203.192.0/19
176.116.124.0/23
177.55.224.0/20
185.45.4.0/22
185.135.182.0/24
185.185.140.0/22
188.64.224.0/21
188.92.248.0/21
188.95.144.0/23
190.109.64.0/22
192.44.69.0/24
192.95.64.0/24
192.133.76.0/22
193.105.70.0/24
198.54.100.0/22
199.16.156.0/22
199.43.255.0/24
199.59.148.0/22
199.66.8.0/22
199.96.56.0/21
199.120.32.0/20
199.120.48.0/21
199.120.56.0/23
202.160.128.0/22
203.31.23.0/24
204.48.8.0/24
205.234.11.0/24
206.83.96.0/19
206.214.224.0/20
206.224.64.0/20
206.224.80.0/21
206.224.88.0/22
206.224.95.0/24
207.140.0.0/15
209.133.79.0/24
209.198.128.0/21
209.198.136.0/23
209.198.138.0/24
209.198.140.0/23
209.237.192.0/21
209.237.200.0/22
209.237.220.0/23
209.237.222.0/24
213.19.141.0/24
213.244.145.0/24
216.128.0.0/19
216.147.120.0/21
217.65.136.0/21' > SpaceX/202302_02_spacex-CIDRCollapsed.txt
echo "
## - (F)lush the old SPACEX rules out of the firewall..."
sudo iptables -t nat -F DFCA__SPACEX
echo "
## ...and re-add the correct ones (this command is explained in the README)..."
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' SpaceX/?*spacex-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__SPACEX -d {} -j DFCA__LOGGING__SPACEX
echo "
## 4. Apply performance improvement to IPv6
## ----------------------------------------"
echo -n "
## - Probably pointless sanity check for \"IPv6 performance\" tweaks in
## case of (accidental) re-run of this script..."
sleep 1
if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^1 .*ACCEPT .*0 .*-- .*::/0 .*::/0 [[:space:]]*$") > 0 && $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^2 .*ACCEPT .*0 .*-- .*::/0 .*::/0 .*state RELATED,ESTABLISHED$") > 0 )) ; then
echo " RE-RUN DETECTED (doing nothing)."
else
echo " success."
if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^1 .*REJECT .*0 .*-- .*::/0 .*fe80:666:: .*reject-with icmp6-port-unreachable$") < 1 )) ; then
echo -n "
## - Deviation from expected firewall rule-chain detected...
## - Expected first line from command 'sudo ip6tables -L OUTPUT -n --line-numbers' is:
1 REJECT 0 -- ::/0 fe80:666:: reject-with icmp6-port-unreachable
##
## ...but another result was detected.
##
## - PROCEEDING WITH UNCONTROVERSIAL ADDITION/UPDATE ANYWAY BUT IT MAY BE
## WISE TO CHECK YOUR ip6tables RULE-CHAIN.
## **************************************************************
##"
sleep 5
fi
# Add the actual basic rules :P
sudo $ipt6 -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo $ipt6 -I OUTPUT -o lo -j ACCEPT
fi
echo "
## - Save firewall settings for startup..."
sudo iptables-save -f /etc/iptables/iptables.rules # Archlinux/Gentoo saving method, or
sudo service iptables save # Debian saving method
sudo $ipt6-save -f /etc/iptables/$ipt6.rules # Archlinux/Gentoo saving method, or
sudo service $ipt6 save # Debian saving method
sleep 1
echo "
## Congrats on your upgrade!
## -------------------------
## Together we can blacklist the DIGITAL FEUDALISTS into oblivion!"
echo "
## IMPORTANT: You'll need to logout and in again (or restart) to get the full
## benefit of this update. Although it will begin blocking ALIBABA and
## TENCENT immediately, the on-screen notifications process will not
## display the chosen icons for them until you re-login or reset."
sleep 4
echo "
## Testing that it is working (both blocking and showing an alert)..."
wget https://81.68.0.123 # ...to test TENCENT.
wget https://119.38.224.0 # Test ALIBABA (again, you'll need to reset to see better icons.)
statusCode=$? # the return value of above
if [ $statusCode -eq 0 ]; then
echo "
## **************************************************************************
## WARNING: Test request to DIGITAL FEUDALIST **not** refused!
##
## Please try:
sudo iptables -t nat -L OUTPUT -n --line-numbers # see a (j)ump to DFCA_TENCENT and ALIBABA rules here?
sudo iptables -L OUTPUT -n --line-numbers # see 127.1.66.69 and 127.16.66.10 rejected here?
sudo iptables -L DFCA_TENCENT -n --line-numbers # see blocked TENCENT IP Address Ranges here?
## If you answered no to any of the questions please find help.
## **************************************************************************
##"
else
echo "
## - Success!
##"
fi
sleep 3
echo "
## - Open the README using your favourite text editor and share it with
## your friends and family. If you have any trouble and start afresh
## follow these instructions.
"
sleep 8
nautilus /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt &
thunar /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt &
dolphin /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt &
nemo /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt &

193
digital-feudalism-counter-action/UPGRADING/FROM_0.1.0/notify-me-of-firewall-action.sh Normal file
View File

@ -0,0 +1,193 @@
#!/bin/bash
## This script offers a small notification to the user when the computer
## attempts to connect to a DIGITAL FEUDALIST, and will (with minor
## user effort in using 'groups') even expose an offending app! FULL
## DISCLOSURE: minor bug very occasionally causes wrong application
## to be blamed for a request so please attribute blame to an
## offending applications with (some) caution. It mostly works fine so
## consider waiting for a repeat of the behaviour, before making any
## public accusations. /// Also unsure if groups is the best
## and most easiest method to attribure blame to applications. ///
## IPv6 is untested.
##
## This script goes into the folder /usr/bin/law-DFCA/
##
## Ensure it is executable...
#chmod +x /usr/bin/law-DFCA/notify-me-of-firewall-action.sh
## ...and executed at startup by a '.desktop' file (see README).
## REQUIRES
## - notifysend
## - papirus-icon-theme (icons to represent some DIGITAL FEUDALISTs)
## - groupadd
## - sg
## - usermod
## LICENSE:
## The below, is a DISTRIBUTED ANTITRUST LAW. It is COPYLEFT-LICENSED as GPLv3, with some basic yet strict limitations below. Originally by 'UNSENDER' and released in 2023 for the sole purpose of ending DIGITAL SLAVERY AND SUPPRESSION and thus only designed for FREE-LICENSE and OPEN-SOURCE 'OPERATING SYSTEMS' or, as they are referred to in the linux community, 'DISTROS'. DIRECTLY FOLLOWING THIS LICENSE A FULL CHANGELOG MUST BE INCLUDED. IT IS IMPERATIVE THAT THIS DOCUMENT REMAINS A HUMAN-READABLE, living, breathing, changing document FOR THE NON-TECHNICAL USER such that the user can learn linux operations. NO SINGLE PERSON OR ENTITY CAN BE MADE LIABLE IN ANY CIVIL OR CRIMINAL COURT FOR ITS CONTENTS, NOR TO GUARANTEE FITNESS OR WARRANTIES FOR A PARTICULAR PURPOSE. IT IS PROVIDED 'AS IS' IN THE HOPE THAT IT WILL BE (***VERY***) USEFUL.
## It is considered a 'CYPHER'CRIME for a person connected to the DIGITAL COLONIZATION, which include any employee of, investor in, or any person who has a close family member, friend or associate who is invested in, or an employee of any entity listed in THE DIGITAL FEUDALISTS section of this document, to publish or make available for publish, adaptations to this document, while they have any such CONFLICT(S) OF INTEREST and for a TIME PERIOD OF NO LESS THAN (4) FOUR YEARS since having such CONFLICT(S) OF INTEREST.
## The current DIGITAL FEUDALISTS are AKAMAI, ALIBABA, AMAZON, APPLE, CLOUDFLARE, FACEBOOK, GOOGLE, MICROSOFT, MUSK (incl. SPACEX, TESLA, STARLINK and TWITTER), ORACLE and TENCENT.
## Note that BYTEDANCE, FASTLY, LITESPEED, NETFLIX, REDDIT and YANDEX only partially met below criteria and thus not included.
## END OF LICENSE
## CHANGELOG:
## 2023-05 - 0.2.0 - Unsender
## - FIX: List 'papirus-icon-theme' package as a required dependency.
## - FIX: Original version year from "2022" to "2023"
## - FEATURE: Added ALIBABA and TENCENT as feudalists
## - FEATURE: Added icon for AKAMAI + better (anti) icon for APPLE + optimised icon selection
##
## 2023-03 - 0.1.0 - Unsender
## - Original release, knowing that its far from complete/perfect, thus the '0.1.0' numbering.
##
## END OF CHANGELOG
## Set field separator or you get output like:
##
## Mar
## 23
## 12:44:49
## kernel:
## Amazon
## outgoing
## blocked:
IFS=$'\n';
declare -A gIDToName # associative array declared with capital 'A' not 'a' (see Bash reference manual)
aboutOneSecondAgo='1 second ago'
## Regular expressions
## -------------------
REGEX_INTEGER='^[0-9]+$' # test for integer (note: to test for decimals you'd use
# '^[0-9]+([.][0-9]+)?$'. For signed numbers add [+-]?
# after the (^) 'starts with' hat symbol.
REGEX__DFCA_LAW='^_d_f_c_a_law_' # reg'ex that means (^) 'starts with' "_d_f_c(...)"
REGEX__MYCOMPUTER_NAME="^$(who|sed 's/ .*//g')"
DISPLAY__DFCA_LAW='<i>DFCA Law</i>'
DISPLAY__DFCA_INTERNET_LAW="DFCA (Antitrust) Law"
## Infinate loop executed each second
while true; do
## TEST OFFLINE
# for line in $(echo 'Mar 34 13:32:43 boulder-cypherpunk kernel: Yandex outgoing blocked: IN= OUT=wlp5s0 SRC=192.168.1.7 DST=34.107.221.82 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50224 DF PROTO=TCP SPT=56116 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=973') ; do
## Get all blocked connections in the last second, as reported by the -k kernal
for line in $(journalctl -k --since "$aboutOneSecondAgo"| grep 'IN=.*OUT=.*') ; do
aboutOneSecondAgo=$(date +'%F %H:%M:%S') # reset each second
# %F=(date like %+4Y-%m-%d) %H:%M:%S=%X=(locale's time like 23:13:48)
## Message, described between 'kernal: ' and ':'
message=$(echo $line | sed 's/.*kernel: //g' | sed 's/:.*//g')
## Source port probe (which did not work)
## -----------------
## Newbies don't need to know the following, but...
## A failed attempt to get the name of the app that made the request was to use
## the pid provided in the line directly, but apps start a temporary process
## and when the connection is refused the process is killed, thus the
## offending program cannot be tracked that way. Using the source port of the
## request, again, has the same issue. The source port is the port being
## listened to by the temp process, and is useless. The following commands
## were thus not helpful:
# ss -lpn 'sport = :7657' | grep pid | sed 's/.*(("//g' | sed 's/",pid=/ (/g' | sed 's/,.*/)/g' | sort -u
# sourcePort=$(echo $line | sed 's/.*SPT=//g' | sed 's/ .*//g')
# offendingApp=$(echo ss -lpn "sport = :$sourcePort" | grep pid | sed 's/.*(("//g' | sed 's/",pid=/ (/g' | sed 's/,.*/)/g' | sort -u)
##
## The trick is involved but simple. Special groups are created for each "app
## of interest". Eg:
## _d_f_c_a_law__firefox
## _d_f_c_a_law__i_2_p
## _d_f_c_a_law__tor-browser
## The groups above are assigned a GID which gets logged by `IPTables' with the
## 'LOG' option, '--log-uid'. From this number we get the group name, and
## extract/generate a nice human readable string featuring only the app name.
## Notice how 'group names' cannot include capitals. To use capitals as in
## 'I2P' and 'Tor browser' some fancy 'sed'work (explained below) is done.
## Follow instructions in the DFCA Law's section titled 'Catch an app
## breaking DFCA Law' to safely implement the groups. ````````````
## `````````````````
## Identify the GID and groupname
theGID=$(echo "$line" | sed 's/.*GID=//g' | sed 's/ .*//g')
if [[ $theGID =~ $REGEX_INTEGER ]] ; then
if [ -z ${gIDToName[$theGID]} ] # if null
then
theGroupName=$(getent group "$theGID" | cut -d: -f1)
if [[ $theGroupName =~ $REGEX__DFCA_LAW ]] ; then
# Make name pretty
theGroupName=$(echo "$theGroupName" | sed 's/_d_f_c_a_law_//g') # omit DFCA_Law namespacer
theGroupName=$(echo "$theGroupName" | sed 's/-/ /g') # turn '-' to spaces
theGroupName=$(echo "$theGroupName" | sed 's/___*/ _/g') # turn '__' to ' _'
theGroupName=$(echo "$theGroupName" | sed 's/_\(.\)/\U&/g' | sed 's/_//g') # '_[a-z]' to '[A-Z]'
# ... and add signature to end of string
theGroupName=$(echo "$theGroupName (GID=$theGID) ~ $DISPLAY__DFCA_LAW")
fi
# If groupName is your computer_name simply attribute the "internet law" generally.
if [[ $theGroupName =~ $REGEX__MYCOMPUTER_NAME ]] ; then
theGroupName="$DISPLAY__DFCA_INTERNET_LAW"
fi
# Store the result
gIDToName[$theGID]=$theGroupName
else
theGroupName=${gIDToName[$theGID]}
fi
fi
## Identify the tech giant
techGiantName=$(echo "$message" | sed 's/ .*//g')
## Icon select
if [ $techGiantName = 'Cloudflare' ] ; then
icon='cloud-upload'
elif [ $techGiantName = 'Amazon' ] ; then
icon='amazon-store'
elif [ $techGiantName = 'Akamai' ] ; then
icon='/usr/bin/law-DFCA/akamai.svg'
elif [ $techGiantName = 'Microsoft' ] ; then
icon='im-msn'
elif [ $techGiantName = 'Google' ] ; then
icon='fcitx-googlepinyin'
elif [ $techGiantName = 'Oracle' ] ; then
icon='/usr/bin/law-DFCA/oracle.svg'
elif [ $techGiantName = 'Tencent' ] ; then
icon='1cestart'
elif [ $techGiantName = 'Alibaba' ] ; then
icon='asciiportal'
elif [ $techGiantName = 'SpaceX' ] ; then
icon='/usr/bin/law-DFCA/spacex.svg'
elif [ $techGiantName = 'Facebook' ] ; then
icon='im-facebook'
elif [ $techGiantName = 'Apple' ] ; then
icon='checkra1n'
elif [ $techGiantName = 'Yandex' ] ; then
icon='yandex-browser'
else
icon='crosshairs'
fi
notify-send -t 5000 -i "$icon" "$message" "$theGroupName"
done
sleep 1 # sec
done
# Unset field separator
unset IFS;

BIN
identicons/0.2.0.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 810 B

BIN
identicons/example1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 205 B

BIN
identicons/example2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
identicons/example3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 286 B

BIN
identicons/example4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 KiB

BIN
identicons/example5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 350 B

BIN
identicons/example6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 881 B

BIN
identicons/example7.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
img/dfca_v1-hero_digital-feudalism-counter-action_blocking-google_photography-cristina-gottardi-unsplash.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
img/dfca_v1-profile_digital-feudalism-counter-action_blocking-google_photography-cristina-gottardi-unsplash.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
img/dfca_v1-profile_tiny.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.8 KiB

BIN
torrents/DigitalFeudalismCounterAction_0.1.0+(Antitrust+law+by+CYPHERPUNKS).torrent Normal file
View File

Binary file not shown.

3
torrents/DigitalFeudalismCounterAction_0.2.0+(Antitrust+law+by+CYPHERPUNKS).torrent Normal file
View File

@ -0,0 +1,3 @@
d8:announce40:http://tracker2.postman.i2p/announce.php13:announce-listll40:http://tracker2.postman.i2p/announce.phpel69:http://w7tpbzncbcocrqtwwm3nezhnnsw4ozadvi2hmvzdhrqzfxfum7wa.b32.i2p/aee13:creation datei1684026757e4:infod5:filesld6:lengthi215040e4:pathl14:dfca_0.2.0.tareed6:lengthi833e4:pathl18:dfca_0.2.0.tar.asceed6:lengthi168381e4:pathl10:dfca_0.2.070:DigitalFeudalismCounterAction_0.2.0_(Antitrust_law_by_CYPHERPUNKS).txteed6:lengthi1799e4:pathl10:dfca_0.2.020:UPGRADING_FROM_0.1.034:202302_02_spacex-CIDRCollapsed.txteed6:lengthi20521e4:pathl10:dfca_0.2.020:UPGRADING_FROM_0.1.010:UPDATER.sheed6:lengthi467e4:pathl10:dfca_0.2.020:UPGRADING_FROM_0.1.010:akamai.svgeed6:lengthi9077e4:pathl10:dfca_0.2.020:UPGRADING_FROM_0.1.031:notify-me-of-firewall-action.sheed6:lengthi3301e4:pathl19:unsender-pubkey.asceee4:name66:DigitalFeudalismCounterAction_0.2.0 (Antitrust law by CYPHERPUNKS)12:piece lengthi65536e6:pieces140:OÎ)ÉuçjX+K…g(Ö=ô®òU´Ë\„å±P¨u]<5D>b_áŸ_ä\l@¬ÕànÚÀç;Kþ°-¿·ZgrìÙl7±À<>E]¹˜o}ðJ­É ~ Às g†ŽoŒ”võúŠ
…w£^„€ð×<C3B0>MÇœÛna
EŠYòö J-Üp@@Ldee

54
unsender-pubkey.asc Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGQXBYsBEADgeiXwJ14HTxZDmT7zFc7HQbI6NfCEWVB86sc4jCfQSECuA5MT
qTQyBLCHg8RsG0hbBmi4nuleuX16t359u5bhoOQ88g5ln3pt1lu5Xp4OB5kEXrA3
bJLP2FwUobNVJEUkChMKdP3cxzYh9amNsSwCYFpJhG0ipTPH83zstBcx5RRR5Lzq
d6yzdZAXxrm0s41XkixGyJeXkTV+fewu/uODvuuIc87B5ZrcrpOxN3YARPLOo/nR
4Tysek2KwhlLjN0DkMKyfhibapAfd9y3Hmg5Zt15zXFOmswW9N3hRxCZU3M0oLOy
x0UBaKOf1/NfHdxk4avzLea0kQ8nu9+tL9V6iVyIeHKF0r7MXE0NLj0pxMB3xzyT
BISYw8CIKjR4dlEk4NpKEb4X9rGzUQv7FIaZb52gsVcMmKaZFaJzF2fIwn5wCARp
/33pJ/fGegQ38qqVqXlSyGcPjHuhyC9zZwFZr35Juml8TnZnHgtD7ra7hDfYnUa0
9c7KR+G7gIM2+cCA0eHvojwZn4BDTi8d9bh5bKeSyawugU+Sajwg3tFXjisLYQUz
aMaAQTPB2YycLOl44nJznmeqoNRJlBVmdOlDDebRQffsq0owa+CLu3xckeQCYOlc
xC1mIi00EH7XhhJQo2m4c3AevQVBgPvv9ob/l67tV4ZKw1hzDwLPSs25DQARAQAB
tJ1VbnNlbmRlciAoT3JpZ2luYWwgcHVibGlzaGVyIG9mIHRoZSBEaWdpdGFsIEZl
dWRhbGlzbSBDb3VudGVyIEFjdGlvbiBMYXcgcmVsZWFzZWQgaW4gTWFyY2ggMjAy
MyBvbiBhbiBJMlAgZGV2ZWxvcG1lbnQgc2l0ZS4pIDx0aGlzLWVtQGlsLWRvZXMt
bm90LWV4aXN0LmZha2U+iQJOBBMBCAA4FiEEomQIuwY/4AGLGjfM9mO+m+kydI8F
AmQXBYsCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ9mO+m+kydI9IZhAA
xa5uhSnJDBWI9vqrd1S7kuOqogDJNSK4Ieg+2UKBZscC960i8fTQXtVrivc91+JX
bCqi/2AWlVjoOFscZZZXNEYYg27w5NGyaPpRRbCgvaTTe4UOCxTF0m/OA4Rf8r2R
FeQIdDgGci+VbMpksmmkoP6Bm5WeKw0tcpvfsFsG5XkAiXmFEXKcRoVnAtmIvCbS
haecbGHMhUSovi3xq+raqb9uC9BQKoh+zdAgpAikxzqmN2UFbIbtssUGFdwCERRn
Okb/3kEjKsVwMuoPWAE3FFx2xvt//a8lCB85l6G8u+mgGybs2AyGotVFQyolWBXF
TtMggRkDloLbOPgrrF2s4C+xqXK9M5HkdoXPRRaTVExiLGNo9ObsN06pkZ8eJpzv
Aq+EALEtY8gWknAFNr8NyptMEM16IK6OulxP+8GtZ8c/nTWp7Zp5H7NtqZogeaH4
kGyTAw2xEK5NwdThQljY0xME5x5XMXkhga/y6PQI3zgJMx1HxpKpYRLzwChSl32C
RhcQN1ukiDXhj7erl+dBef9+72xHQPb1pxIW4GvsAWHlfMYtPBwLadrvj4O09X4f
mxEFTJZtdcJGZUEijXhG8W1+FdP0/yUlpmWeOc3vhzYulFoaCDR54pj0PMDsMA+s
vWn8gOisxM5O+O3M4EqX7FtwyjsvureGhFtiZQ62/iu5Ag0EZBcFiwEQALfVrhzm
0ZNQyvspcha/jANoUmzVIiFv7dAjYNaKi+WrqY5HjmjQ7GGSM8G8ro3fJc3yki1X
4/GZgE2Hp5oejUDbz4Lfc1bKcnlKdG33AhM4MovhdT0hSjA6FSD+qdcNjhUFToaA
mERYHQ7iCFDkEQDZElgeagb+wef+yIWUzjXmm0AZQbTzcKgjXMHe1nUGAvnd5HuN
pTbryh+4PaeIf5CfGxdLbw915E41ks1lpnUhyNDFfhzfDXj5/lDDKH3vRCs+2DbH
XWelImTWuAMw4R9cuqx4eVLjogZ0WY22X1nAKHIvFerf7TZGROiiG51i08M8uXwy
FyrS24La7o2i2lghP22pFY6mWgJ73vYiwd4spRgWt5sW76+HaVR/AfRwMtaxrDw1
p+S9Z6cI+4Ay6228G3ScaCBnO/qFXn6bsMxQz/7YPYr/1NKUY0BrEEDN2eXPxDdN
cuyAOJD8e+iqpp5/r75uo8L1jILu/84vDfvtuxvUDTPyl2jqbFIj41+CtT+KK1PS
F+9yJiww17grYAN1Fw71Jn6u+mMPYkYi7w1PQj6kkfsJnFVmBdNWMZHxQv4u9VN9
FDmH33yqElXmCAU0gnONinlCtCHx9vIgfA5tuuV8RVnRR3rgJEUPbXmmtfV+dMdy
gd2pC1aLo0ocP3W8tCXxEyZpaWQM+4Zv1jfZABEBAAGJAjYEGAEIACAWIQSiZAi7
Bj/gAYsaN8z2Y76b6TJ0jwUCZBcFiwIbDAAKCRD2Y76b6TJ0jwsbD/0ZItvJGKfD
bx7bSsdjr3J0mhDcbbbIw9E90nL7kHbfxEtqB0R/e1V4IONWRCkJxUybuii10jW7
DnUFLVtIQqTUThdA9890z4ATNtLg8AJ/PnEBBUscI3xKF4dP0uESZuHo152rrkNA
8nXLt+iNDbBSxmaeDIq5+ghTasXo7/DkRBP7/5OzDYa77paXBvOmPeOnFL2SDRoE
I6UQDhU3peDPwRUN/Y1ymbboQTv0ulhMaRC0CF8+9KDkJ1e20rqVObu70dOGN0Dj
7UXBiWZ+blOKsrOc1RKRy36lsutD4u2XGnzLARdkf7OtQpNrQZYfN+jKSMaybkPC
YbHNlWpkCw15Li7nLN1ZenYInhJKGA7xzjfWb2e5SnmD90yyZw9exV7HBElx7+7z
hxNainHB+wC8tsJHNAf/zWHSGUjH2TbIU9P+k7CVk657bN+L4WMWqaRrIcUmXT6G
5FxoZFeNAn653WJ8ZuGVp38EbWSyP0CB2MeU6qQTLQsMivGt0BWpMnr87LO+YJA6
8070l5fRc7S1ukmpN/aVDbrgM5URjugQ0UVCcPbhN/Z3Uc0CciByQ99DHK3aKoJU
yLJz/lrXOgKFVD8CbjYl0B52TO9/7EF2XQH2qUM6le/EhrX9oQhZoXMqdhczsfJS
Xh0uAiBxNcVTzdevr7UY3s5yRt6OWd8cHw==
=eglv
-----END PGP PUBLIC KEY BLOCK-----